Chapter 11. The Medium Network Implementation

Terms you'll need to understand:

• Headend

• Man-in-the-middle attack

• Network topology discovery

• Password attack

• Trust exploitation

Techniques you'll need to master:

• Performing a threat analysis for VPN services

• Analyzing design alternatives

In this chapter, we do with the medium network what we did with the small network in the last chapterlook at it from these five points of view:

• Assets to be protected

• Threats to those assets

• Devices used and their implementation and configuration

• Threats mitigated

• Design alternatives

In the case of the medium business network, however, we're talking about a larger and more complex edge, although the campus is the same architecturally (even if it has more hosts ). The medium network might be a business in its own right (standalone), perhaps serving as the headend for smaller organizations, or it might be a branch operation of an even larger organization (in which case, it is a large branch). Whatever its role, just like the small network, it must be secured as an entity.

Because the medium network is larger and more complex than the small network, you can expect to see more questions on the exam concerning its structure, how it is secured, and what alternatives you might want to implement. As always with Cisco exam questions, the devil will be in the details of the question phrasing .

For review, Figure 11.1 shows the medium business network model in its entirety.